删除用户脚本
删除用户脚本
提问于 2013-05-13 02:10:51
我找到了这个在互联网上添加和删除用户的脚本,我对它进行了调整,使其适合我的使用。我知道这个脚本很容易受到sql注入的攻击,而且mysql_*也被贬低了,但对我来说,这并不重要,因为它永远不会在真实的环境中发布。
我无法删除任何记录。我还想删除添加用户功能,因为如果要创建新用户,他们可以只使用我创建的注册页面。
以下是脚本:
<?php //admin.php
session_start();
$user = $_SESSION['username'];
include ("connection.php");
$get = mysql_query ("SELECT * FROM Users WHERE username='$user'");
while ($row = mysql_fetch_assoc($get))
{
$admin = $row['admin'];
}
if ($admin==0)
die("Your not an ADMIN!");
?>下一个脚本:
<?php//conection.php
$mysql_hostname = "localhost";
$mysql_user = "root";
$mysql_password = "";
$mysql_database = "ninjaz_gaming";
$prefix = "";
$bd = mysql_connect($mysql_hostname, $mysql_user, $mysql_password) or die("Could not connect database");
mysql_select_db($mysql_database, $bd) or die("Could not select database");
?>删除和更新用户脚本:
<?php//urmuser.php
include('admin.php');
include('connection.php');
if (isset($_POST['id']) &&
isset($_POST['username']) &&
isset($_POST['password']) &&
isset($_POST['email']) &&
isset($_POST['birth']) &&
isset($_POST['age']) &&
isset($_POST['ircts3']) &&
isset($_POST['game']) &&
isset($_POST['gender']) &&
isset($_POST['name']) &&
isset($_POST['admin']))
{
$id = get_post('id');
$username = get_post('username');
$password = get_post(md5('password'));
$email = get_post('email');
$birth = get_post('birth');
$age = get_post('age');
$ircts3 = get_post('ircts3');
$game = get_post('game');
$gender = get_post('gender');
$name = get_post('name');
$administrator = get_post('admin');
if (isset($_POST['delete']) && $id != "")
{
$query = "DELETE FROM Users WHERE id='$id'";
if (!mysql_query($query, $bd))
echo "DELETE failed: $query<br />" .
mysql_error() . "<br /><br />";
}
else
{
$query = "INSERT INTO Users VALUES" .
"('$id', '$username', '$password', '$email', '$birth', '$age', '$ircts3', '$game', '$gender', '$name'. '$administrator')";
if (!mysql_query($query, $bd))
echo "INSERT failed: $query<br />" .
mysql_error() . "<br /><br />";
}
}
echo <<<_END
<form action="urmuser.php" method="post"><pre>
Id: <input type="text" name="id" />
Username: <input type="text" name="username" />
Password: <input type="text" name="password" />
E-mail: <input type="text" name="email" />
Birth Year: <input type="text" name="birth" />
Age: <input type="text" name="age" />
IRCTS3: <input type="text" name="ircts3" />
Game: <input type="text" name="game" />
Gender: <input type="text" name="gender" />
Name: <input type="text" name="name" />
Admin: <input type="text" name="admin" />
<input type="submit" value="ADD USER" />
</pre></form>
_END;
$query = "SELECT * FROM Users";
$result = mysql_query($query);
if (!$result) die ("Database access failed: " . mysql_error());
$rows = mysql_num_rows($result);
for ($j = 0 ; $j < $rows ; ++$j)
{
$row = mysql_fetch_row($result);
echo <<<_END
<pre>
Id: $row[0]
Username: $row[1]
Password: $row[2]
Email: $row[3]
Birth: $row[4]
Age: $row[5]
IRCTS3: $row[6]
Fav Game: $row[7]
Gender: $row[8]
Name: $row[9]
Admin: $row[10]
</pre>
<form action="urmuser.php" method="post">
<input type="hidden" name="delete" value="yes" />
<input type="hidden" name="id" value="$row[0]" />
<input type="submit" value="DELETE USER" /></form>
_END;
}
mysql_close($bd);
function get_post($var)
{
return mysql_real_escape_string($_POST[$var]);
}
?>回答 2
Stack Overflow用户
回答已采纳
发布于 2013-05-13 02:31:30
正如我在您的代码中看到的,您删除了用户,如果查询结果为真,则重新添加它。
if (isset($_POST['delete']) && $id != "") {
##################################
#####YOU DELETE THE USER HERE
##################################
$query = "DELETE FROM Users WHERE id='$id'";
if (!mysql_query($query, $bd))
echo "DELETE failed: $query<br />" .
mysql_error() . "<br /><br />";
}else{
##################################
##### YOU ADD THE USER AGAIN IF IT WAS DELETE
##################################
$query = "INSERT INTO Users VALUES" .
"('$id','$username','$password','$email','$birth','$age','$ircts3','$game','$gender','$name'. '$administrator')";
if (!mysql_query($query, $bd))
echo "INSERT failed: $query<br />" . mysql_error() . "<br /><br />";
}
}这样用户就永远不会被删除。
::已编辑::
你可以做到的
<?php
session_start();
include ("connection.php");
// check admin part
$isAdmin = 0;
$user = $_SESSION['username'];
$sql = "SELECT * FROM Users WHERE username = '$user' AND admin = 1";
$query = mysql_query($sql,$bd)or die(mysql_error());
if(mysql_num_rows($query)>0){
$isAdmin = 1;
}
if(isset($_GET['id'])){
if($isAdmin == 1){
$delete_id = mysql_real_escape_string($_GET['id']);
$sql = "DELETE FROM Users WHERE id = '$delete_id'";
$query = mysql_query($sql,$bd)or die(mysql_error());
echo "User id: {$_GET['id'] deleted}";
}else{
echo 'You are not an admin';
}
}
$sql = "SELECT * FROM Users ORDER BY id ASC";
$query = mysql_query($sql,$bd)or die(mysql_error());
if(mysql_num_rows($query)>0){
while($row = mysql_fetch_array($query)){
echo '<a href="'.$_SERVER['PHP_SELF'].'?id="'.$row['id'].'">'.$row['id'].'</a> '.$row['username'];
}
}else{
echo "No results in database";
}
?>Stack Overflow用户
发布于 2013-05-13 02:47:49
删除用户的代码位于检查新用户的所有字段是否都已设置的if中,这显然不是删除用户时的情况。
if (isset($_POST['id']) &&
isset($_POST['username']) &&
isset($_POST['password']) &&
isset($_POST['email']) &&
isset($_POST['birth']) &&
isset($_POST['age']) &&
isset($_POST['ircts3']) &&
isset($_POST['game']) &&
isset($_POST['gender']) &&
isset($_POST['name']) &&
isset($_POST['admin']))
{
$id = get_post('id');
$username = get_post('username');
$password = get_post(md5('password'));
$email = get_post('email');
$birth = get_post('birth');
$age = get_post('age');
$ircts3 = get_post('ircts3');
$game = get_post('game');
$gender = get_post('gender');
$name = get_post('name');
$administrator = get_post('admin');
$query = "INSERT INTO Users VALUES" .
"('$id', '$username', '$password', '$email', '$birth', '$age', '$ircts3', '$game', '$gender', '$name'. '$administrator')";
if (!mysql_query($query, $bd))
echo "INSERT failed: $query<br />" .
mysql_error() . "<br /><br />";
}
}
else if (isset($_POST['delete']) && isset($_POST['id'])
{
$id = intval(get_post('id'));
$query = "DELETE FROM Users WHERE id='$id'";
if (!mysql_query($query, $bd))
echo "DELETE failed: $query<br />" .
mysql_error() . "<br /><br />";
}页面原文内容由Stack Overflow提供。腾讯云小微IT领域专用引擎提供翻译支持
原文链接:
https://stackoverflow.com/questions/16510545
复制相关文章
相似问题
腾讯云开发者
Copyright © 2013 - 2026 Tencent Cloud. All Rights Reserved. 腾讯云 版权所有
深圳市腾讯计算机系统有限公司 ICP备案/许可证号:粤B2-20090059 
粤公网安备44030502008569号
腾讯云计算(北京)有限责任公司 京ICP证150476号 | 京ICP备11018762号